Don’t Introduce Fears Where None Exist: Questioning Security Messaging Online

alarm

Having been in the e-commerce space for quite some time now, there are a lot of standard actions that most sites tend to partake in – best practices, if you will.

One of these is the use of security messaging online. This could be as simple as a privacy guarantee, or something more complex like a “guaranteed secure” logo or badge from a leading security firm. What’s interesting though, is that even though it may seem a given that reinforcing security measures on your site (especially in e-commerce, where payment information is often stored on the servers) would be a positive, it in fact can be be detrimental to your overall success.

In a test a while back, I decided to look to see if running security messaging code on the site was beneficial, or if the slowdown in server call from running a third-party script on the site was bringing down our overall conversion rate. In particular, we focused on the shopping cart and checkout, which is where one would think this would be most beneficial.

What we found, however, was quite different. Our initial tests showed that we did see better conversion when not calling in the third party script – which before beginning testing we thought could have been the result due to the improved page load speed. Upon thinking about it further, however, we came up with a hypothesis that possibly it wasn’t simply page load times that were the culprit – but that the messaging itself was causing a negative result.

So, we followed up with a similar test, this time loading the third party script, but hiding the messaging and image via CSS – thereby keeping page load time the same across both tests. The positive lift in removing the messaging remained.

Could it be that by putting this message in front of our customers we were, in fact, introducing a question of validity that they hadn’t even had in their mind in the first place? The site was an established brand, and well-trusted with millions of existing customers – but by introducing this message about “hey we’re a safe place” we may have actually come off as possibly a little shady – and introducing up a fear that wasn’t already present.

Now, it is possible that some segments of customers did benefit from the messaging, but we did check against new customers vs. returning customers, as well as several other important segments (such as geolocation) and the results were relatively consistent.

It just goes to show that everything should be tested. Some business may, in fact, see a lift from this type of messaging – in particular those from newly launched brands that are using their own proprietary cart or checkout system. In this case, however, following best practices was a no-no, as far as our ultimate goal was concerned.

We did keep the security messaging – but we moved it to the places where it was relevant, such as on our security and privacy policy pages and credit card management within the customer account areas. It was important to show customers who were asking the question that we were, in fact, safe and secure – but throwing that message out there to everyone was not the right approach.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>